*My how handy. Why I bet certain unnamed global media empires could make all kinds of use of that feature.
*In other SANS news, Wordpress is historically broken and beyond repair. Too bad this is a Wordpress blog. By the way, I've been besieged with comment spam for the past couple of months. Never saw the like before.
*This blog for one welcomes our new app malware snooping cyberwar overlords.
–Android Trojan Records Conversations
(August 2 & 3, 2011)
A recently detected Trojan horse variant that affects Android devices
is capable of recording conversations users hold on their phones.
Earlier versions of Android Trojans could harvest the numbers of calls
made and received and the length of those calls, but the new variant
grabs conversations contents and stores them on the SD-slot memory card
from where the attackers can upload to servers. The malware requires
permission to be installed on Android devices. The dialog box seeking
permission spells out what the Trojan will have permission to do,
including intercepting calls, recording audio and preventing the phone
from sleeping.
http://www.h-online.com/security/news/item/Android-trojan-records-phone-calls-1317967.html
http://www.theregister.co.uk/2011/08/02/android_malware_records_calls/
http://arstechnica.com/gadgets/news/2011/08/new-android-trojan-records-all-phone-calls.ars
http://community.ca.com/blogs/securityadvisor/archive/2011/08/01/a-trojan-spying-on-your-conversations.aspx
–Flaw in WordPress Utility Being Actively Exploited
(August 2, 2011)
A zero-day vulnerability in the Wordpress blogging platform is being
actively exploited. The issue lies in an image-resizing utility called
TimThumb, which is used in many Wordpress themes. The utility writes
files into a directory when it gets images, and that directory is
accessible to site visitors, who could potentially upload malicious
files. The flaw has been exploited to upload advertising content to
people's blogs without their permission.
http://www.computerworld.com/s/article/9218798/Zero_day_bug_found_in_Wordpress_image_utility
http://www.scmagazineus.com/zero-day-flaw-affects-popular-wordpress-image-utility/article/208933/
[Editor's Note (Murray): We should add Wordpress to the list with
Windows and Adobe, historically broken, probably beyond repair.]
